Jailbreak proves a bad move for iPhone owners


Security firm Palo Alto Networks and a group of Chinese iPhone developers named Weiptech revealed that a piece of iPhone malware they call KeyRaider has stolen 225,000 iOS users’ iTunes login credentials. After someone installs the malware, which hides in packages of code that offer “tweaks” to the iPhone’s operating system, it’s designed to intercept their iTunes login details and send them to a remote server. Each stolen account allows the victim’s iTunes payment information to be hijacked and used to install paid apps on other iOS devices. Palo Alto Networks says that a separate app designed to allow people to install free apps has been installed more than 20,000 times. Who is paying for those people’s free apps? KeyRaider’s victims. The researchers call the KeyRaider attack “the largest known Apple account theft caused by malware.” The victim accounts all apparently belong to people who jailbroke their iPhones so apps could be installed that aren’t approved by Apple’s app store. Source: Wired

The ‘winner’ might not be the duly elected candidate

Some experts say U.S. voting machines are so insecure that all elections, whether at the national, state or local level, are vulnerable to being attacked by hackers in other countries, and the attacks could go undetected. It’s difficult for computer scientists to pinpoint exactly how many programmers around the world are capable of remotely breaching election software, whether that’s the vote itself or other related data such as voter-registration records. However, many agree that the intellectual barrier is not significant. Each state conducts its own system of voting, and some election protocols are more secure than others. That said, all modes of computerized voting are subject to being compromised. For example, Internet voting, also known as iVoting, allows citizens to vote through an online portal, by email or by fax. If not encrypted properly, these transactions could be compromised. Source: WhoWhatWhy

Fool me once, shame on you; fool me twice …

Scam artists are using high-profile security breaches—such as the Ashley Madison hack and Carphone Warehouse data breach—to persuade people to reveal their bank details by capitalizing on fear. Widely reported data breaches have prompted a rise in cold calls, texts and emails from fraudsters trying to gain access to personal information. Victims who lose money to the tricksters won’t get refunds from their banks because, unlike hackers who access details without consent, these scammers persuade victims to reveal account numbers and PINs by posing as security experts or police officers. They tell potential victims that they are targets of fictitious new hacks. Source: The (U.K.) Telegraph

We’re still here

Despite rumors that the end is near for Ashley Madison after a hacking attack outed some 32 million would-be cheaters, the company says the site is flourishing. Avid Life Media, parent company of Ashley Madison, released a statement denying rumors that the site is shutting, and disputing a widely publicized analysis that found few real women actively used its services. “Recent media reports predicting the imminent demise of Ashley Madison are greatly exaggerated,” the company statement said. “Despite having our business and customers attacked, we are growing. This past week alone, hundreds of thousands of new users signed up for the Ashley Madison platform—including 87,596 women.” Source: CBS News

The enemy of my enemy

The identities of a group of American technical experts who provided assistance to covert operations by the U.S. government overseas have been compromised as the result of cross-referencing of data from the Office of Personnel Management and other recent data breaches. Two officials speaking on condition of anonymity said Chinese and Russian intelligence agencies have worked with both private software companies and criminal hacking rings to obtain and analyze data. William Evanina, the National Counterintelligence Executive for the Office of the Director of National Intelligence, confirmed that data from breaches “absolutely” had been used to unmask U.S. covert agents. Performing analytics on breached data could tell foreign intelligence agencies “who is an intelligence officer, who travels where, when, who’s got financial difficulties, who’s got medical issues” and help create a “common picture” of U.S. intelligence operations, he said. Source: The Los Angeles Times

Not letting things slide

The Obama administration is drafting an escalating series of actions, including economic sanctions and curbs on doing business in the United States, to punish China and other nations that hack corporate computer networks, according to two administration officials with knowledge of the planning. The measures have not yet been decided, the officials said, and the administration is moving cautiously, as actions being considered include cyber retaliation, which could reveal information about U.S. government and private cybersecurity capabilities. It also could trigger further online or commercial warfare that would be difficult to contain. The actions under consideration wouldn’t be targeted solely at China, the officials said. Source: Bloomberg Business

Well, you see, that is …

After Sony Pictures was hacked, it brought in famed lawyer David Boies to threaten anyone who published any information from the hack, claiming that it was a violation of the First Amendment, and threatened to sue Twitter, claiming that Twitter would be held “responsible for any damage or loss arising from such use or dissemination by Twitter.” Sony argued the hack was incredibly harmful. Now, however, the company is in court arguing that no harm has been done to its employees, who have filed a class-action lawsuit against Sony for failing to protect their data. Sony says that any employees’ personally identifiable information that was exposed was not particularly private in the first place. Source: Techdirt

We’ll pay you now; you pay us later

With more than 900 million reported records exposed by cyber attacks in 2014, more companies are looking at transferring risks to insurance providers. Currently, insurers are finding it difficult to assign the proper value to data or systems, or to determine appropriate policies since they are unable to scope the cyber risk environment of an organization. “More information sharing and understanding of event impact and the associated longer-term costs (through post-incident analytics, for example) can help remove some of these obstacles. In turn, this will drive better policy rates and see the cyber insurance market progressively emerge from its niche, despite being around for over 30 years,” says Michela Menting, research director for ABI Research, which forecasts the market will hit $10 billion by 2020. Source: First Post